A malicious program is typically a program installed in a device, such as a computer, to enable controlling the device by a remote input message. A communication protocol is usually defined specifically for the malicious program. Therefore, exploration of the communication protocol is fundamental for analyzing and preventing suspicious activity by the malicious program. Analyzing a network communication protocol, such as that of the malicious program and speculating about and extracting a format specification for a communication message used by the communication protocol may be referred to as “protocol reverse engineering”. However, in the existing methods, data packets are analyzed through statistical analysis, or the command and control protocol is found by virus analysts manually. These techniques result in a large human resource investment, low analysis efficiency, long analysis time, and high false negative rate.